Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Environment variables (SECURITY: too many new packages)

Re: Environment variables (SECURITY: too many new packages)

Edward John Brocklesby (ejbCYBERSPACE.ORG)
Wed, 1 Jul 1998 11:18:23 -0400

Hi,

>will I assume be issuing identical updates) might like to take a look
>at how their own OS handles pointing the following at files only root
>can read and running setuid apps. (or setgid usage in some cases such as
>Mutt)

On NetBSD, and perhaps other OS's, the file ~/.termcap is also checked,
so ln -s /etc/master.passwd ~/.termcap could get the root password
(I haven't tested this myself)

        -ejb